Method to identify consumer electronics products

ABSTRACT

Systems and methods for identifying consumer electronic products using a playback device with a product identifier in accordance with embodiments of the invention are disclosed. In one embodiment, a playback device includes a processor and memory configured to store a product identifier, where the product identifier is associated with a specific product and is associated with cryptographic information, wherein the processor is configured by a client application to request content from a server, communicate the product identifier to a server, and receive encrypted content accessible using cryptographic information including the cryptographic information associated with the product identifier.

CROSS-REFERENCE TO RELATED APPLICATIONS

The current application claims priority to U.S. Provisional. ApplicationNo. 61/503,581, filed Jun. 30, 2011, the disclosure of which isincorporated herein by reference in its entirety. The currentapplication also claims priority to U.S. Provisional. Application No.61/581,598, filed Dec. 29, 2011, the disclosure of which is incorporatedherein by reference in its entirety.

FIELD OF THE INVENTION

The present invention relates generally to managing consumer electronicsproducts operating on a digital rights management (DRM) system, and morespecifically to systems and methods for reliably identifying a class ofdevice by product line using an identifier.

BACKGROUND OF THE INVENTION

A consumer electronic or CE device is typically built using a specificchipset designed for a specific class of consumer electronics device(e.g. high definition televisions). Many original equipmentmanufacturers (OEMs) can utilize the same chipset to produce a similarproduct. The OEMs differentiate the products using different firmware tomodify the user interface and the capabilities of the device. In manyinstances, products manufactured by an OEM that share a common chipsetand firmware are referred to as a product line.

A common capability of CE devices is the playback of multimedia content.A variety of digital rights management (DRM) systems exist to preventunauthorized playback of protected content. DRM systems typicallyencrypt content so that a specific cryptographic key or combination ofcryptographic keys is required to play back the content. Playbackdevices typically register with the DRM system to obtain the keys thatare necessary to play back protected content.

A DRM system owner/operator may implement a certification system,through which it “approves” a device model or product line to operate onits DRM system. Certification typically involves the DRM system operatortesting that the device and/or chipset and firmware combination thatdefines a product line operates in the manner required for operationwithin the DRM system. Once a device model or product line is approvedto operate within a DRM system, purchasers of approved devices canregister the devices with the DRM system and play protected contentauthorized for playback on the registered device.

SUMMARY OF THE INVENTION

Systems and methods for identifying consumer electronic products using aplayback device with a product identifier in accordance with embodimentsof the invention are disclosed. In one embodiment, a playback deviceincludes a processor and memory configured to store a productidentifier, where the product identifier is associated with a specificproduct and is associated with cryptographic information, wherein theprocessor is configured by a client application to request content froma server, communicate the product identifier to a server, and receiveencrypted content accessible using cryptographic information includingthe cryptographic information associated with the product identifier.

In a further embodiment, the processor is further configured by a clientapplication to communicate a product identifier version to the server.

In another embodiment, the memory is further configured to store producttag data associated with the product identifier, and the product tagdata includes at least one product tag that describes a characteristicof the product.

In a still further embodiment, the processor is further configured by aclient application to transmit product tag data to a server and receiveconfirmation from the server whether a first product credentialreference identifier that is generated from the transmitted product tagdata matches a second product credential reference identifier stored onthe server.

In still another embodiment, product tag data includes at least one tagselected from the group consisting of: product ID version, brand,ODM/manufacturer, device type, model number, base model number, siliconplatform ID, certified playback profile, country, and digital secureadaptive streaming software version.

In a yet further embodiment, the memory is further configured to store aproduct credential reference identifier that is associated with theproduct identifier and is generated using at least the productidentifier and at least a portion of the product tag data.

In yet another embodiment, the method used to generate the productcredential reference identifier is determined based upon a productidentifier version.

In a further embodiment again, the cryptographic information associatedwith the product identifier includes a product key.

In another embodiment again, the memory is further configured to storeuser account data.

In a further additional embodiment, the user account data includes auser identifier and cryptographic information associated with the useridentifier.

In another additional embodiment, the cryptographic informationassociated with the user identifier includes a user key and product SSLcertificate.

In a still yet further embodiment, the processor is further configuredby a client application to receive cryptographic information associatedwith a user identifier and store the cryptographic information inmemory.

In still yet another embodiment, the content encrypted using thecryptographic information associated with the product identifierincludes the cryptographic information associated with the useridentifier.

In a still further embodiment again, the cryptographic informationassociated with the product identifier includes a product key and theprocessor is further configured by a client application to access thecryptographic information associated with a user identifier using theproduct key.

In still another embodiment again, the cryptographic informationassociated with the product identifier includes a product key and theprocessor is further configured by a client application to access thecryptographic information associated with a user identifier using theproduct key and a device key.

In a still further additional embodiment, the second product credentialreference identifier is stored on the server and associated with producttag data stored on the server.

In still another additional embodiment, the second product credentialidentifier is stored in the memory and associated with the product tagdata stored in the memory and the processor is further configured by aclient application to transmit the second product credential identifierto the server.

In a yet further embodiment again, a method of identifying a playbackdevice including a product identifier includes communicating a productidentifier to a server, where the product identifier is associated witha specific product and is associated with cryptographic information,requesting content from the server, and receiving encrypted contentaccessible using cryptographic information including the cryptographicinformation associated with the product identifier.

In yet another embodiment again, the method includes communicating aproduct identifier version to the server.

In a yet further additional embodiment, the method includes associatingproduct tag data with the product identifier, where the product tag dataincludes at least one product tag that describes a characteristic of theproduct, and storing the product tag data in memory.

In yet another additional embodiment, the product tag data includes atleast one tag selected from the group consisting of: product ID version,brand, ODM/manufacturer, device type, model number, base model number,silicon platform ID, certified playback profile, country, and digitalsecure adaptive streaming software version.

In a further additional embodiment again, the method includesassociating a product credential identifier with the product identifier,where the product credential reference identifier is uniquely generatedusing at least the product identifier and at least a portion of theproduct tag data, and storing the product credential identifier inmemory.

In another additional embodiment again, the method used to generate theproduct credential reference identifier is based upon a productidentifier version.

In a still yet further embodiment again, the cryptographic informationincludes a product key.

In still yet another embodiment again, the method includes receiving andstoring user account data.

In a still yet further additional embodiment, the user account dataincludes a user identifier and cryptographic information associated withthe user identifier.

In still yet another additional embodiment, the cryptographicinformation associated with the user identifier includes a user key andproduct SSL certificate.

In a yet further additional embodiment again, the method includesaccessing the cryptographic information associated with a useridentifier using a product key and a device key.

In yet another additional embodiment again, the content encrypted usingthe cryptographic information associated with the product identifierincludes the cryptographic information associated with the useridentifier.

In a still yet further additional embodiment again, the method includesreceiving a request for product tag data from a server, transmittingproduct tag data to the server, and receiving confirmation from theserver whether a first product credential reference identifier that isgenerated from the transmitted product tag data matches a second productcredential reference identifier.

In still yet another additional embodiment again, the method includesretrieving a second product credential reference identifier from memoryand transmitting the second product credential reference identifier tothe server.

In another further embodiment, a machine readable medium containsprocessor instructions, where execution of the instructions by aprocessor causes the process to perform a process includingcommunicating a product identifier to a server, where the productidentifier is associated with a specific product and is associated withcryptographic information, requesting content from the server, andreceiving content encrypted using cryptographic information includingthe cryptographic information associated with the product identifier.

In still another further embodiment, a method for certifying a consumerelectronics product includes receiving product tag data, storing aproduct identifier, a product credential reference identifier, and atleast one product tag from the received product tag data on aregistration server so that the product credential reference identifierand the at least one product tag are associated with the productidentifier, storing the product identifier, the product credentialreference identifier, and at least one product tag from the receivedproduct tag data on a device, and retrieving the product credentialreference identifier and at least one product tag stored on the deviceto display in human-readable format.

In yet another further embodiment, the method includes receiving inputof the product credential reference identifier and the at least oneproduct tag stored on the device into a certification terminal andtransmitting the product credential reference identifier and the atleast one product tag to the registration server.

In another further embodiment again, the product tag data includes atleast one tag selected from the group consisting of: product ID version,brand, ODM/manufacturer, device type, model number, base model number,silicon platform ID, certified playback profile, country, and digitalsecure adaptive streaming software version.

In another further additional embodiment, the product credentialreference identifier is generated using at least the product identifierand one product tag.

In a further embodiment, the product credential reference identifier isgenerated using a cryptographic hash function.

In another embodiment, receiving product tag data includes receiving anelectronic transmission that includes the product tag data over anetwork.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a system-level overview illustrating a DRM and contentdistribution system in accordance with an embodiment of the invention.

FIG. 2A is a chart listing product tags in accordance with an embodimentof the invention.

FIG. 2B conceptually illustrates product tags forming a set of producttag data.

FIG. 2C conceptually illustrates the relationship between a productdescriptor, a product ID, product tags (both constant and variable), anda credential reference identifier in accordance with an embodiment ofthe invention.

FIG. 3 conceptually illustrates a playback device, which storesinformation related to a user account and a product identifier andcryptographic data used to decode content in accordance with anembodiment of the invention.

FIG. 4 conceptually illustrates a registration server, which storesinformation related to user accounts including (but not limited to)cryptographic data, in accordance with an embodiment of the invention.

FIG. 5 is a flow chart illustrating a process that can be used togenerate a product identifier and associate the product identifier withproduct tag data in accordance with an embodiment of the invention.

FIG. 6 is a flow chart illustrating a process for verifying the correctstorage of a product identifier and associated information on a playbackdevice.

FIG. 7 is a flow chart illustrating a process for checking revocationstatus of a product identifier and communicating secure data from aserver to a device based upon the product identifier.

DETAILED DESCRIPTION

Turning now to the drawings, systems and methods for identifyingconsumer electronic products using a playback device with a productdescriptor are illustrated. In many embodiments of the invention,playback devices operate within a digital rights management (DRM) systemin which they communicate with different types of servers over anetwork. In many embodiments, the playback devices are certified for usein the DRM system. Certification is an endorsement by a DRM systemoperator that devices in a particular product line have been tested tobe compatible with the DRM system. It may be tempting for a devicemanufacturer to resort to a form of counterfeiting, by taking firmwarethat was written for the chipset of one model of device and placing iton another model of device that uses the same chipset. This improper useof the issued device certification can present technical difficulties ininteroperability with the DRM system and is typically motivated by adesire to avoid paying royalties and/or other contractual obligationsrelated to the use of the DRM system with respect to the devices inquestion.

DRM systems in accordance with many embodiments of the invention utilizea mechanism to identify products by manufacturer and product line inorder to enforce certification policies, facilitate confinement ofsecurity breaches, and assist with the tracking of revenues. In a numberof embodiments, a process for certifying a product and/or product linewithin a DRM system can include assigning a product descriptor to eachproduct or product line. The term product can be used to refer to bothindividual products and product lines and is used to refer to bothproducts and product lines throughout the discussion that follows.

In order to facilitate reviewing whether the product ID installed on aspecific device is appropriate to the device (i.e. whether the device isthe product indicated by the product ID), DRM systems in accordance witha number of embodiments of the invention also store product tag datadescribing the product on the device and a product credential referenceidentifier (credential reference ID) generated using some or all of theproduct tag data. Displaying the product tag data enables a quick visualinspection of whether the characteristics of the device correspond tothe product characteristics indicated by the product tags. The productcredential reference ID is generated using a subset of the product tagsthat remain constant through the useful life of the product (constanttags) and can be utilized to verify that the product tag datacorresponds to the characteristics of the device. If the productcredential reference ID generated using some or all of the product tagsdoes not match the stored product credential reference ID associatedwith a specific product ID, then tampering is likely present.

In many embodiments, a product ID together with constant product tagsand a subset of the product tags that may change over the life of theproduct (variable product tags) form a product descriptor. Variableproduct tags can be used to indicate software versions or providetracking capabilities. The product descriptor can serve to differentiatedevices within a product line (i.e., having the same product ID) bytheir installed software version and/or updates the device has received.

In several embodiments, one or more pieces of cryptographic data(product keys) can also be issued with respect to each product ID and/orproduct descriptor. The product key(s) can be utilized to issuetechnically protected content to the device. In the event of a securitybreach with respect to a specific product, the product key(s) can berevoked to limit the scope of the security breach. DRM systems andmethods for identifying different products within a DRM system inaccordance with embodiments of the invention are discussed furtherbelow.

System Architecture

A DRM system in accordance with an embodiment of the invention isillustrated in FIG. 1. The DRM system 10 includes a plurality ofconsumer electronics devices that include information identifying aspecific product or product line to which the device belongs. In theillustrated embodiment, the consumer electronics devices include deviceswith content playback capabilities such as (but not limited to) acellular phone 12, smart phone 14, television 16, personal computer 18,DVD player, or digital media player. The consumer electronics devicesare configured to communicate with remote servers via a network 20 suchas the Internet. In the illustrated embodiment, the DRM system includesa registration server 22 and content server 24. Devices typically firstconnect to a registration server to be associated with a user accountand acquire credentials/cryptographic data (e.g., SSL certificate,encryption keys) used to access content. Devices may then connect to acontent server and request content with the credentials. The contentserver can issue the requested content in such a way that thecredentials/cryptographic data (e.g., SSL certificate, encryption keys)of the device are required to access the content.

A variety of techniques can be utilized to identify a specific product.In a number of embodiments, a product descriptor that includes a productID is assigned to each product. The product ID can be generated basedupon the characteristics of the product and/or arbitrarily assigned.Variations within a product can be identified by a product descriptorthat includes a product ID, variable product tags, and constant producttags. One or more variable product tags can be used to indicate avariation such as different software versions and updates. The productdescriptor and/or product ID can be utilized in a variety of processesincluding (but not limited to) the certification and registration of thedevice. In several embodiments, the use of the product ID duringcertification is enhanced by also associating product tag data with theproduct ID to form a product descriptor. The product tag data describesthe product and, when displayed, can be utilized to readily verifywhether the characteristics of the device correspond to thecharacteristics of the product associated with the product ID. In manyembodiments, attempts to detect tampering with the product tags can beidentified by generating a product credential reference ID using some orall of the product tags. The product credential reference ID can bestored with respect to the product tags originally associated with aproduct ID. When a product credential reference ID generated using theproduct tags present on a device do not match with the stored productcredential reference ID associated with the product ID, tampering ispresent. In several embodiments, cryptographic data is also associatedwith the product ID to enable the quarantining of security breaches withrespect to a specific product.

In many embodiments, the product ID, product credential reference ID,product key, and product tag data are stored in non-volatile memory on aplayback device. Often, when a playback device is designed andmanufactured to be used in a DRM system, the DRM system operator willpackage into a dataload the encryption keys, algorithms, and/or otherinformation and software instructions necessary for the device tocommunicate with DRM servers and receive content. In several embodimentsof the invention, the product ID and other data is included in thedataload given to a manufacturer for storage on each device.

Although a specific architecture is shown in FIG. 1 any of a variety ofarchitectures can be utilized that enable playback devices tocommunicate with servers over a network in accordance with embodimentsof the invention. Furthermore, much of the discussion that followsrelates to the use of the product descriptor, product ID, productcredential reference ID, product key(s) and product tag data in thecertification of products and authentication of devices. As can readilybe appreciated not all of the product credential reference ID, productkey(s) and product tag data need be associated with a product ID.Indeed, additional data associated with a product ID can vary dependingupon the requirements of a specific application in accordance withembodiments of the invention. Product descriptors, Product IDs,additional data that can be associated with product IDs, and systems andmethods for using product IDs and associated data in accordance withembodiments of the invention are discussed further below.

Product Identifier

In many embodiments of the invention, a product identifier (ID) is acharacter string that is associated with one or more sets of product tagdata, where a set of product tag data is descriptive of a product. Anyof a number of methods can be used to generate a product ID, including arandom number generator, manual numbering or determination by a person,or systematic methods such as using sequential numbers or globallyunique identifiers.

Product Tag Data

In several embodiments of the invention, a set of product tag data isassociated with a product ID. The individual tags represent informationabout some aspect of a product. In several embodiments of the invention,an original equipment manufacturer (OEM) requests that a product becertified (i.e. issued a product ID) and provides information for theproduct tags. The DRM system operator certifies the product by verifyingthat a device that is exemplary of the product passes certain tests.Assuming the product tags accurately describe the device, the DRM systemoperator can issue a product ID for the product and can associate theproduct tags with the product ID. Generally, a change in the value ofsome of the product tags may necessitate a different product ID.

In many embodiments of the invention, some product tags may be constantproduct tags while other tags are variable product tags. Constantproduct tags are expected to remain constant and not to change throughthe life of a product. A product credential reference ID can begenerated using some or all of the constant product tags associated witha product, as will be described further below.

Variable product tags may change over the life of the product. Variabletags can be used to track characteristics that may change such assoftware versions. A product descriptor may be formed using a productID, variable product tags, and constant product tags, as will bedescribed further below.

A list of product tags, in accordance with an embodiment of theinvention is shown in FIG. 2A. A set of product tag data, includingthree variable product tags and seven constant product tags, isillustrated in FIG. 2B. There can be other values of product tags thatrepresent the characteristics of the class of device.

Product ID Version (PT1) indicates the version of the product IDcreation algorithm used to generate the product ID and productcredential reference ID from the product tags. Each version can alsospecify lengths and format of tag data, as well as the number of tagsand the meaning of each tag. In essence, PT1 allows for the productdescriptor to be extensible through the definition of new tag names andversions.

The Brand tag (PT2) is the brand that the device is sold under—the namemarked on the product and product packaging.

The ODM/Manufacturer tag (PT3) is the company name of the manufacturerof the product. The company may or may not be the same as the Brand. Forinstance, a product may be designed and manufactured by an originaldesign manufacturer (ODM) and eventually branded by another firm forsale. Or, a company may design and manufacture its own product, in whichcase the Brand may be the same as the ODM/Manufacturer.

The Device Type tag (PT4) represents the type of product (e.g., DVDplayer, television). In many embodiments of the invention, the producttype is indicated in a license agreement between the company seekingcertification and the certifying DRM system owner.

The Model. Number tag (PT5) is the model number of the product indicatedon the product and product packaging. In some embodiments of theinvention, products with different model numbers may have the sameproduct ID so long as they share the same base model number. These maybe thought of as related products which often share the same chipsetand/or other major components and differ only by some playback featuresor capabilities. In other embodiments, each product with a distinctmodel number has a distinct product ID.

The Base Model. Number tag (PT6) is the model number of a product's basemodel. For a base model itself, the value is the same as the Model.Number. In many embodiments of the invention, a base model specifiesdevices using the same chipset and firmware.

The Silicon Platform ID tag (PT7) is the model number of the chipset orprocessor architecture used in the device.

The Certified Playback Profile tag (PT8) denotes the playback profile orprofiles for which the device is certified. A playback profile isdefined by a DRM system owner as a set of supported or compatible filetypes, container formats, playback codecs, resolutions, and/or otherfeatures of digital media content.

The Country tag (PT9) is the country name where the product will beshipped and sold.

The Digital. Secure Adaptive Streaming (DSAS) Software Version tag(PT10) can be used to indicate the version numbers for secure adaptivestreaming software components implemented on the device. These mayinclude platform components such as the playback software, operatingsystem, and firmware. As will be discussed further below, the tag may beused to determine various device capabilities when the device plays backcontent such as in the process described in the discussion of FIG. 7below.

Although specific tags and fields have been described above, systems andmethods in accordance with embodiments of the invention can utilize anyof a variety of types of information in product tags that are associatedwith a product ID.

In several embodiments of the invention, product tag values can beobtained from a device by running an application on the device that willrecord the values and communicate the values to a server. In addition,the product tags can vary with different types and classes of product.In many embodiments, the constant tags or a subset of the constant tagsfor a specific device are utilized as device match data for the purposeof registering the device within a DRM system in the manner outlined inU.S. patent application Ser. No. 13/339,315, to Chan et al. entitled“Binding of Cryptographic Content Using Unique Device Characteristicswith Server Heuristics” filed Dec. 28, 2011, the disclosure of which isincorporated by reference herein in its entirety. As can readily beappreciated, the constant tags can vary from product descriptor toproduct descriptor and so the constant tags that are utilized as devicematch data can also vary from one product descriptor to the next.

Product Descriptor

In several embodiments of the invention, a product ID identifies devicesof a particular product or product line. In further embodiments, aproduct descriptor can differentiate devices within a product or productline by feature set or software or firmware versions. A productdescriptor includes a product ID and product tag data. In manyembodiments, product tag data includes constant product tags andvariable product tags. The variable product tags in the productdescriptor of one device may have different values from the variableproduct tags in the product descriptor of another device, while havingthe same product ID. The actual tags used in the product descriptor canvary between product IDs. The relationship between a product descriptor,product ID, variable product tags, constant product tags, and credentialreference identifier (product credential reference ID) in accordancewith an embodiment of the invention is conceptually illustrated in FIG.2C.

Generating a Product Credential Reference Identifier

In several embodiments of the invention, a product credential referenceID is generated using one or more of the product tags and associatedwith that set of product tags, a product ID, and/or a productdescriptor. The product credential reference ID is a unique string ofset length generated from some or all of the product tags. In manyembodiments of the invention, the product tags used to generate theproduct credential reference ID are constant product tags. The productcredential reference ID is an efficient technique for representing a setof product tags and for detecting tampering. When product tags arechanged so that a device passes inspection, the changes can be detectedby comparing the product credential reference ID generated using themodified tags and the original product credential reference IDassociated with the product ID. The generation of a product credentialreference ID can be achieved by many methods, one of which is acryptographic hash function.

A cryptographic hash function is a procedure or algorithm that takes anarbitrary block of data and returns a fixed-size bit string, the hashvalue, such that an accidental or intentional change to the data willchange the hash value. A cryptographic hash function ideally has foursignificant properties: it is easy to compute the hash value for a giveninput value, it is infeasible to generate an input value that has agiven hash value, it is infeasible to modify an input value withoutchanging the resulting hash value, and it is infeasible to find twoinput values with the same hash value.

In many embodiments of the invention, the product credential referenceID generation algorithm uses some or all of the product tags andoptionally the product ID as inputs. The result is truncated to aprespecified length, which makes reading and recording by a humanobserver easier.

In several embodiments, the hash creation and truncation methods areupdatable based on the product ID version. It is understood that a verysmall chance for collision in the credential reference ID exists;however, hash creation and truncation methods can be adapted to mitigatethe problem. Although specific techniques are referenced above forgenerating credential reference IDs, any of a variety of processesappropriate to a specific application can be utilized in accordance withembodiments of the invention.

Product Key

A product key is cryptographic data that can be utilized in theencryption and/or decryption of content and is associated with a productID and/or product descriptor. In many embodiments, a product key isstored together with the product ID on a CE playback device. As will bediscussed further below, the product key can be used in conjunction withone or more other encryption keys stored on the device to accessencrypted data (e.g., other keys used to access content or the contentitself).

Storage of Product Identifier

In many embodiments of the invention, a product ID and associated dataare stored on a playback device to enable the playback device toidentify itself to a DRM system. A playback device, which stores aproduct ID, product credential reference ID, product tag data (the setof product tags), and product key in non-volatile memory, in accordancewith an embodiment of the invention is shown in FIG. 3. The playbackdevice 30 includes a processor 32, volatile memory 34, and non-volatilememory 36. In the illustrated embodiment, the non-volatile memory 36includes a product ID 44, product tag data 46, a product credentialreference ID 48, and a product key 50. As described above, in manyembodiments, product ID 44 and product tag data 46 (e.g., constant tagsand variable tags) form a product descriptor 52. As will be discussedbelow, the user ID, user key, and SSL certificate may be stored during aregistration process, and the product ID, product credential referenceID, product tag data, and product key are typically loaded onto thedevice during manufacturing as part of the device's firmware.

Cryptographic data, which can be used to decrypt encrypted data orcreate secure connections to other systems, may also be stored in thenon-volatile memory. In many embodiments, the cryptographic dataincludes (but is not limited to) a user ID 38 that is a uniqueidentifier for a user account, a user key 40 used in decryption ofcontent, and an SSL certificate 42 used in creating secure connectionswith other devices via Hypertext Transfer Protocol. Secure (HTTPS) or asimilar secure communication protocol. HTTPS is a combination of theHypertext Transfer Protocol (HTTP) with Secure Sockets Layer/TransportLayer Security (SSL/TLS) protocol to provide encrypted communication andsecure identification of a network device. In other embodiments, any ofa variety of identifiers, keys, certificates and other types ofinformation can be stored as cryptographic data on a playback device.

In several embodiments of the invention, product IDs and data associatedwith each ID are stored on a registration server. A registration server,which stores the product IDs, product credential reference IDs, sets ofproduct tag data, and product keys in non-volatile memory, in accordancewith an embodiment of the invention is shown in FIG. 4. The registrationserver includes a processor 70 and non-volatile memory 72. Thenon-volatile memory includes a product list 74, which includes at leastone product ID 76, and its associated product tag data 78 (i.e., set oftags), product credential reference ID 80, and product key 82. In manyembodiments, a product ID together with product tag data forms a productdescriptor 83.

In some embodiments of the invention, the non-volatile memory alsoincludes a user account list 84, which includes at least one user ID 86,and its associated user key 88 and a product SSL certificate 90. Thedata may also be stored in data structures other than lists, such as(but not limited to) databases. As can readily be appreciated, SSLcertificates may be assigned uniquely to user accounts, to productclasses, to device models, to individual devices or by numerous otherclassifications subject to the limitations and security policies of theDRM system.

Issuing a Product Identifier in a Certification Process

In many embodiments of the invention, a product ID is issued for a setof product tag data and the collection of product ID and the product tagdata embedded in each device in the product line associated with thatproduct tag data. A flow chart illustrating a process for issuing aproduct ID during a certification process, in accordance with anembodiment of the invention is shown in FIG. 5.

A vendor submits (102) product tag data to a certification team. Thesubmission can be a paper form that is filled out with the relevantproduct tag data, an electronic form that transmits the information overa network, or other manual or automated process. The certification teamverifies (104) that the information is correct—that it is unique (i.e.,tags that should be unique to a product do not have the same values astags in another product) and complete (i.e., tags are not missing). Ifthe information is correct (106), the certification team generates (108)a product ID, product credential reference ID, and product key. Thenewly created product ID, product credential reference ID, and productkey are associated with the product tag data and stored on aregistration server. The product ID, product credential reference ID,product key, and the product ID version used to generate the product IDare sent (110) to the vendor to be stored on each device in the productline designated by the product ID. In many embodiments, a productdescriptor is sent to the vendor that includes the product ID andproduct tag data.

In several embodiments of the invention, the DRM system owner packagesinto a dataload the encryption keys, algorithms, and/or otherinformation and software instructions necessary for the device tocommunicate with DRM servers and receive content. The dataload is givento the manufacturer to be stored as firmware or as data in non-volatilememory on each device when it is manufactured. The product ID andassociated data can be included in the dataload given to a manufacturer.The process described above with respect to FIG. 5, however, may beconducted differently in circumstances where a product ID is assigned toa class of devices (e.g. devices that utilize the same operating system)that include different hardware. In situations where a single product IDis assigned to a class of devices (e.g. mobile devices running aspecific operating system), the tag values can be dynamically collectedfrom the system and provided to the DRM system during the certificationtime using a specific certification application. Accordingly, any of avariety of processes for generating product identifying information andloading the information onto devices can be utilized in accordance withembodiments of the invention.

Verifying the Product Identifier

In many embodiments of the invention, certification of a productincludes verifying that the product ID and associated tag data withinthe product descriptor are stored accurately on a device in the productline. A flow chart illustrating a process for verifying a product IDduring a certification process, in accordance with an embodiment of theinvention is shown in FIG. 6.

The vendor stores (130) a product ID, product certification referenceID, product tag data, and product key in memory on a device. In someembodiments of the invention, the product ID, product certificationreference ID, product tag data, and product key can be contained withina dataload of information packaged to be loaded on the device during themanufacturing process as discussed above. In other embodiments, producttag data may be dynamically collected from a device using an applicationthat reads and records tag values as described above, and the device maygenerate the product credential reference ID.

The certification team verifies (132) that the product ID and otherinformation are stored accurately. A variety of methods can be utilizedto complete the verification. An interface on the device may beconfigured such that the memory can be read directly. Firmware orsoftware on the device may be programmed to respond to a device statuscall with the product ID, product credential reference identifier,and/or product tag data. Firmware or software on the device may also beprogrammed to show the information in human-readable format on a displayintegrated on the device or removably attached to the device. In severalembodiments of the invention, the product credential referenceidentifier and at least one product tag are rendered viewable forcertification purposes.

Verification may be facilitated by recalling and displaying the productID and/or other information stored on the server for comparison with thecorresponding information stored on the device. Another mechanism thatcan be utilized is to transfer the product ID and/or other informationstored on the device to a terminal manually (e.g., by human interaction)or electronically (e.g., by a physical or wireless connection). Theterminal electronically communicates the information to a registrationserver storing a copy of the information and the registration serverresponds with whether the information matches.

If the product ID and other information are correct (134), thecertification team stores (136) the product ID, product credentialreference ID, product tag data, and product key on the registrationserver. The information is associated as pertaining to one product linein the DRM system.

If the product ID and other information are not stored correctly, thecertification team can investigate whether the product is participatingin the DRM system without appropriate authorization. Although a specificprocess is illustrated in FIG. 6, any of a variety of processes forverifying the product ID and the product related credentials of a devicecan be utilized in accordance with embodiments of the invention.

Using Product ID and Product Key in Registration and Authentication

In order to participate in a DRM system, a playback device typicallyconnects to a registration server to register itself as an authorizeddevice and connect to a content server each time a user wishes to streamor download content over a network. In several embodiments of theinvention, a playback device sends its stored product ID, productcredential reference ID, and/or product tag data to a server whenregistering with a registration server or connecting to a content serverto play back streaming content. If the product ID is revoked or ifproduct tag data does not match, the registration or connection attemptcan be denied. Various embodiments of the invention utilize a product IDand associated information in authenticating a device to a server in aDRM system. In many embodiments, a product ID and product tag data aresent together as a product descriptor. In several embodiments of theinvention, a device receives cryptographic data that it uses to decryptcontent and the cryptographic data is encrypted with a product key.Systems and methods for implementing a product ID and product key inregistration and authentication of a device are discussed below.

In many embodiments of the invention, registration of a product includesverifying that the product ID and associated data in the productdescriptor are correct and that the product ID has not been revoked. Aflow chart illustrating a registration process involving verification ofa device's product ID, in accordance with an embodiment of the inventionis shown in FIG. 7.

A device sends (170) its stored product ID and product ID version to aserver. The server determines (172) if the product ID is in a revokedstate. The server may maintain a list of revoked product IDs, mayindicate revocation status in a database where the product ID is stored,or obtain revocation status of product IDs with any of a variety ofother methods including (but not limited to) communicating with a remotesystem that maintains product ID revocation status. Revocation statusmay be determined based upon a product ID, any combination of one ormore product tags, or any combination of product ID and product tags.Revocation can be checked by any process where a server receives acombination of product ID and product tags that determines revocationstatus, or information that can be used to look up the product ID andproduct tags. The server or the remote system can be configured toupdate the list or database using various manipulative functionsincluding adding and removing product IDs. If the product ID is revoked,the device will not be permitted any protected functions (182) with theserver, unless the product ID is restored (184). A protected function isany function that is restricted to devices that can be authenticated andcan include (but are not limited to) registration of the device orissuance of content to the device.

If the product ID is not revoked, the server proceeds to authenticate(174) the session with the device. Authentication may entail the deviceusing its SSL certificate to request a secure connection, although othermethods may be used to ensure a secure connection (i.e., where theserver and device have reliably identified the machine it iscommunicating with). For example, during initial registration of adevice, the device may not have received an SSL certificate, so a trustrelationship may be established by supplying user account details of thecustomer attempting to register the device.

A variety of protected functions can be allowed once the server hasdetermined that the product ID has not been revoked. Functions may varydepending on the purpose for which the device is communicating to theserver. In some embodiments of the invention, a device connects to aregistration server for registration on the DRM system. Typically, sucha transaction associates the device with a user account and the devicereceives (176) cryptographic data with which the device can decryptcontent. The cryptographic data may include encryption keys associatedwith the user account such as user keys and other user account dataassociated with the user account such as (but not limited to) user IDsand product SSL certificates. The cryptographic data may further beencrypted with a product key that is associated with the product IDissued to the device and a device key that is associated with the classof device to which it belongs (e.g., DVD players, televisions).

In many embodiments of the invention, a device connects to a contentserver to request and receive digital content. The server encrypts (178)the content using cryptographic data that can include encryption keysassociated with the user account such as user keys. The server sends theencrypted content to the device. The device may then store orimmediately play back the received content, using its storedcryptographic data to access the content. In some embodiments of theinvention, the device has user keys stored in memory that are encryptedwith a product key and device key. The device key and the product keyare used to decrypt (180) a user key and the user key is used to decrypt(181) the encrypted content. In other embodiments, any of a variety ofcombinations of keys and/or cryptographic data including a product keycan be utilized to access encrypted content.

As discussed above, certain variable product tags, such as a Digital.Secure Adaptive Streaming (DSAS) Software Version tag (PT10), can beused to indicate the version numbers for secure adaptive streamingsoftware components implemented on the device. Platform components mayinclude the playback software, operating system, and firmware. Thecollection of the Product ID and the product tags may indicate variousdevice capabilities, such as the category of asset the device can playback. For example, categories of assets may be specified by quality,performance, or resource utilization characteristics that can include(but are not limited to) a bitrate, video resolution, file size, videoformat, or audio format. Some categories may be lower quality and/orless resource intensive than others. The playback software version orother version number may be associated with certain categories. Thus, adevice may initially be manufactured with a software version that iscapable of playing back certain categories of assets and later updatedor upgraded to play back other categories of assets. A server maydetermine the playback capabilities based on a combination of theproduct ID, the constant, and the variable product descriptor tags.Alternatively, if no description for the capability using thiscombination is found, the server may match on the product ID and theconstant product descriptor tag values. Again, if no description for thedevice capability using this combination is found, the server mayperform a match only on the product ID field of the product descriptorand determine a gross set of capabilities that would be tied to thegranularity of the products that the product ID is associated with. Theidentified capabilities can be used for a variety of purposes. In thecontext of an adaptive bitrate streaming system, the identifiedcapabilities can be utilized to select streams appropriate to thespecific device from a set of available streams for inclusion in adynamically generated top level index file that is then provided to theplayback device for use during adaptive bitrate streaming. In otherapplications, knowledge of device capabilities can be used in any of avariety of different ways appropriate to the specific application.

Although a specific process is illustrated in FIG. 7, any of a varietyof processes can be utilized to verify the product ID of a device duringregistration and/or content distribution in accordance with embodimentsof the invention. In several embodiments of the invention, a server canverify the product tag data stored on a device by comparing a generatedproduct credential reference ID against a stored copy. A device sendsits stored product tag data and product credential reference ID to theserver. The server generates a product credential reference ID inaccordance with the corresponding product ID version from the receivedproduct tag data. The server then compares the newly generated productcredential reference ID with the product credential reference ID storedon the server for that set of product tag data and/or the productcredential reference ID received from the device.

Although the description above contains many specificities, these shouldnot be construed as limiting the scope of the invention but as merelyproviding illustrations of some of the presently preferred embodimentsof the invention. Various other embodiments are possible within itsscope. Accordingly, the scope of the invention should be determined notby the embodiments illustrated, but by the appended claims and theirequivalents.

1. A playback device, comprising: a processor; and memory configured tostore a product identifier, where the product identifier is associatedwith a specific product and is associated with cryptographicinformation; wherein the processor is configured by a client applicationto: request content from a server; communicate the product identifier toa server; and receive encrypted content accessible using cryptographicinformation including the cryptographic information associated with theproduct identifier.
 2. The playback device of claim 1, wherein theprocessor is further configured by a client application to communicate aproduct identifier version to the server.
 3. The playback device ofclaim 1, wherein the memory is further configured to store product tagdata associated with the product identifier, and wherein product tagdata comprises at least one product tag that describes a characteristicof the product.
 4. The playback device of claim 3, wherein the processoris further configured by a client application to: transmit product tagdata to a server; and receive confirmation from the server whether afirst product credential reference identifier that is generated from thetransmitted product tag data matches a second product credentialreference identifier stored on the server.
 5. The playback device ofclaim 3, wherein product tag data comprises at least one tag selectedfrom the group consisting of: product ID version, brand,ODM/manufacturer, device type, model number, base model number, siliconplatform ID, certified playback profile, country, and digital secureadaptive streaming software version.
 6. The playback device of claim 3,wherein the memory is further configured to store a product credentialreference identifier that is associated with the product identifier andis generated using at least a portion of the product tag data.
 7. Theplayback device of claim 6, wherein the method used to generate theproduct credential reference identifier is determined based upon aproduct identifier version.
 8. The playback device of claim 1, whereinthe cryptographic information associated with the product identifierincludes a product key.
 9. The playback device of claim 1, wherein thememory is further configured to store user account data.
 10. Theplayback device of claim 9, wherein the user account data includes auser identifier and cryptographic information associated with the useridentifier.
 11. The playback device of claim 10, wherein thecryptographic information associated with the user identifier includes auser key and product SSL certificate.
 12. The playback device of claim9, wherein the processor is further configured by a client applicationto receive cryptographic information associated with a user identifierand store the cryptographic information in memory.
 13. The playbackdevice of claim 10, wherein the content encrypted using thecryptographic information associated with the product identifierincludes the cryptographic information associated with the useridentifier.
 14. The playback device of claim 13, wherein: thecryptographic information associated with the product identifiercomprises a product key; and the processor is further configured by aclient application to access the cryptographic information associatedwith a user identifier using the product key.
 15. The playback device ofclaim 13, wherein: the cryptographic information associated with theproduct identifier comprises a product key; and the processor is furtherconfigured by a client application to access the cryptographicinformation associated with a user identifier using the product key anda device key.
 16. The playback device of claim 15, wherein the secondproduct credential reference identifier is stored on the server andassociated with product tag data stored on the server.
 17. The playbackdevice of claim 15, wherein: the second product credential identifier isstored in the memory and associated with the product tag data stored inthe memory; and the processor is further configured by a clientapplication to transmit the second product credential identifier to theserver.
 18. A method of identifying a playback device including aproduct identifier, the method comprising: communicating a productidentifier to a server, where the product identifier is associated witha specific product and is associated with cryptographic information;requesting content from the server; and receiving encrypted contentaccessible using cryptographic information including the cryptographicinformation associated with the product identifier.
 19. The method ofclaim 18, further comprising communicating a product identifier versionto the server.
 20. The method of claim 18, further comprisingassociating product tag data with the product identifier, where theproduct tag data comprises at least one product tag that describes acharacteristic of the product, and storing the product tag data inmemory.
 21. The method of claim 20, wherein product tag data comprisesat least one tag selected from the group consisting of: product IDversion, brand, ODM/manufacturer, device type, model number, base modelnumber, silicon platform ID, certified playback profile, country, anddigital secure adaptive streaming software version.
 22. The method ofclaim 20, further comprising associating a product credential identifierwith the product identifier, where the product credential referenceidentifier is uniquely generated using at least a portion of the producttag data, and storing the product credential identifier in memory. 23.The method of claim 22, wherein the method used to generate the productcredential reference identifier is based upon a product identifierversion.
 24. The method of claim 18, wherein the cryptographicinformation includes a product key.
 25. The method of claim 18, furthercomprising receiving and storing user account data.
 26. The method ofclaim 25, wherein the user account data includes a user identifier andcryptographic information associated with the user identifier.
 27. Themethod of claim 26, wherein the cryptographic information associatedwith the user identifier includes a user key and product SSLcertificate.
 28. The method of claim 27, further comprising accessingthe cryptographic information associated with a user identifier using aproduct key and a device key.
 29. The method of claim 26, wherein thecontent encrypted using the cryptographic information associated withthe product identifier includes the cryptographic information associatedwith the user identifier.
 30. The method of claim 20, furthercomprising: receiving a request for product tag data from a server;transmitting product tag data to the server; and receiving confirmationfrom the server whether a first product credential reference identifierthat is generated from the transmitted product tag data matches a secondproduct credential reference identifier.
 31. The method of claim 30,further comprising: retrieving a second product credential referenceidentifier from memory and transmitting the second product credentialreference identifier to the server.
 32. A machine readable mediumcontaining processor instructions, where execution of the instructionsby a processor causes the process to perform a process comprising:communicating a product identifier to a server, where the productidentifier is associated with a specific product and is associated withcryptographic information; requesting content from the server; andreceiving content encrypted using cryptographic information includingthe cryptographic information associated with the product identifier.33. A method for certifying a consumer electronics product, the methodcomprising: receiving product tag data; storing a product identifier, aproduct credential reference identifier, and at least one product tagfrom the received product tag data on a registration server so that theproduct credential reference identifier and the at least one product tagare associated with the product identifier; storing the productidentifier, the product credential reference identifier, and at leastone product tag from the received product tag data on a device; andretrieving the product credential reference identifier and at least oneproduct tag stored on the device to display in human-readable format.34. The method of claim 33, further comprising receiving input of theproduct credential reference identifier and the at least one product tagstored on the device into a certification terminal and transmitting theproduct credential reference identifier and the at least one product tagto the registration server.
 35. The method of claim 33, wherein producttag data comprises at least one tag selected from the group consistingof: product ID version, brand, ODM/manufacturer, device type, modelnumber, base model number, silicon platform ID, certified playbackprofile, country, and digital secure adaptive streaming softwareversion.
 36. The method of claim 33, wherein the product credentialreference identifier is generated using at least one product tag. 37.The method of claim 36, wherein the product credential referenceidentifier is generated using a cryptographic hash function.
 38. Themethod of claim 33, wherein receiving product tag data comprisesreceiving an electronic transmission that includes the product tag dataover a network.